BlackLine Privacy Policy

Effective: December 20, 2019

BLACKLINE PRIVACY STATEMENT

This BlackLine Privacy Statement (“Statement”) describes how we collect, use, share and otherwise process information relating to an identified or identifiable individual or household (“Personal Data”), and explains your related rights regarding our processing of your Personal Data. A reference to “BlackLine,” “we,” or “us” is a reference to BlackLine Systems, Inc., 21300 Victory Blvd 12th Floor, Woodland Hills, CA 91367 and the relevant affiliate involved in the processing activity.

1. PROCESSING ACTIVITIES COVERED

This Statement applies to the processing of Personal Data collected by us when you:

  • Visit our public website at www.lewei10.icu (“Public Website”);
  • Use our cloud products and services as an authorized user (for example, as an employee of one of our customers who provided you with access to our services), whether through our hosted service website or any of our mobile apps or otherwise (“Hosted Service”);
  • Submit questions, requests and other communications to us via forms, email, or other communication media;
  • Receive communications from us, including emails, phone calls, or texts;
  • Visit our offices; or
  • Register for, attend and/or otherwise take part in our events or webinars.

BlackLine is the controller of your Personal Data as described in this Statement, unless expressly specified otherwise, and may act as a joint controller with its EU affiliates for the Personal Data of EU customers and prospects.

We may process Personal Data submitted by or for a customer to our Hosted Service. To this end, we process such Personal Data in the role of a processor on behalf of a customer (and/or its affiliates) who is the controller of the Personal Data concerned. Our Hosted Service permits customers to share and manage information by uploading and submitting data or content that can be shared, stored, and accessed through the Hosted Service (“Customer Data”). This Statement does not cover Customer Data, including any Personal Data contained in it. Customers control the nature of Customer Data and are the data controllers. We are a data processor of such Customer Data, which means we only use it as directed by our customers.

2. WHAT PERSONAL DATA DO WE COLLECT DIRECTLY FROM YOU?

PUBLIC WEBSITE INFORMATION COLLECTION

Information Collected

As you navigate the Public Website, BlackLine may collect information such as your Internet Protocol (IP) address, Web browser information and your actions while on the Public Website. This information will be collected, if at all, through the use of commonly-used information-gathering tools, such as cookies and web beacons. Standing alone, this information does not directly identify you personally. When expressing interest in BlackLine’s products or services, or using our “Contact Us” or similar features, you may have the option to provide contact information such as your name, job title, organization name, address, e-mail address, or phone number. You may also have the option of engaging in a “live chat” or other form of interactive communication, during which BlackLine may collect a record of information disclosed by you. Providing this optional information is voluntary on your part, and in the absence of providing such information you remain anonymous to BlackLine.

Use of Information Collected

We use your information, including your Personal Data, for the following purposes:

  • To provide our Public Website and other services to you, to communicate with you about your use of our Public Website and services, to diagnose technical problems, to respond to your inquiries and for other customer service purposes.
  • To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Public Website.
  • To send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters) about us, including information about our products and services, promotions, special offers or events as necessary or to otherwise contact you about products or information we think may interest you. You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine being able to send you marketing information may apply depending on the jurisdiction.
  • To better understand how individuals access and use our Public Website, both on an aggregated and individualized basis, in order to improve our Public Website and services and respond to user desires and preferences, and for other research and analytical purposes.

Automated Decision Making

We may use automated decision making to display or send recommendations and personalized offers to you based on your Personal Data, which may include your browsing history, geographic location, employer, job title, and other non-sensitive data.

In cases where information has been limited to a certain area through automated decision making based on your Personal Data, we will present you with the option to view more general information outside of that area that has not been limited.

Third Party Links

The Public Website may contain links to other web sites or third-party applications such as Facebook, Twitter, LinkedIn or YouTube. BlackLine is not responsible for the privacy practices or the content of these other web sites or applications, and we advise you to refer to the policy statements of these third parties to understand how they collect and use information.

HOSTED SERVICE INFORMATION COLLECTION

BlackLine collects information, including Personal Data, from users of the Hosted Service (“User Information”). “User Information” does not include Customer Data as defined above in this Statement. Access to the Hosted Service is subject to the terms and conditions of a Master Subscription Agreement or similar agreement between BlackLine and the party or entity that has subscribed to the Hosted Service. Any User Information provided through the Hosted Service will be subject to this Statement, unless otherwise specified in the Master Subscription Agreement.

Information Collected

The User Information that we collect from you in connection with the Hosted Service includes the following:

  • In order for a user to access the Hosted Service, a user may submit Personal Data to the Hosted Service (user first and last name and e-mail).
  • Information about your device and your usage of the Hosted Service through cookies, web beacons, log files or similar technologies, such as IP addresses or other identifiers, which may qualify as Personal Data.
  • User profile information voluntarily provided by users, for example a phone number or profile picture.
  • If you request customer support, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, and/or email address.
  • BlackLine receives financial information from its customers which may include Personal Data.

Use of Information Collected

BlackLine uses User Information for the purpose of providing and improving the Hosted Service, maintaining security, processing customer payments, communicating with you about your use of the Hosted Service, responding to communications from you, diagnosing technical problems, handling support requests, providing technical support and other customer service and support purposes.

In addition, BlackLine uses User Information to assess and identify potential customer opportunities and send marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters) about us, including information about our products and services, promotions, special offers, educational webinars, best practice summits or other events, or to otherwise contact you about products or information we think may interest you. You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine’s ability to send you marketing information may apply depending on jurisdiction.

BLACKLINE EVENTS INFORMATION COLLECTION

Information Collected

If you register for an event or webinar, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, and/or email address. You may also be required to provide your financial and billing information (such as billing name and address, and credit card number). If you attend an event, we may with your further consent scan your attendee badge, which will provide us your information, such as name, title, company name, address, phone number and email address.

Use of Information Collected

We process Personal Data to plan and host events or webinars for which you have registered or that you attend (including sending related communications to you) and to perform our contract with you. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.

OFFICE VISITOR INFORMATION COLLECTION

If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and title. We use this information for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.

OTHER PERSONAL DATA COLLECTION

If you submit questions, requests, or other communications to us via forms, email, or other communication media, we may collect contact information, such as a name, job title, company name, address, phone number or email address. We process such Personal Data to respond to questions, requests and other communications from you.

If you express an interest in obtaining additional information about our services or if our marketing, sales, or business development teams send communications to you, we may process Personal Data you provide to us, including your name, phone number, email address, postal address, job title, job function, company name, or IP address. We process Personal Data to respond to your communications, to deliver relevant email content and to send you marketing information, product recommendations and other non-transactional communications about us, including information about our products and services, promotions, special offers or events as necessary or to otherwise contact you about products or information we think may interest you. You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine being able to send you marketing information may apply depending on the jurisdiction.

3. PERSONAL DATA WE COLLECT FROM OTHER SOURCES

We also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. In particular, we collect Personal Data from third party providers of business contact information, including name, job title, company name, address, phone number and email address for purposes of delivering relevant email content, identifying new customers, engaging with potential new users of the Hosted Service, and delivering marketing materials, personalized communications and event promotion.

4. WHO DO WE SHARE PERSONAL DATA WITH?

Unless expressly specified otherwise, BlackLine will not share your Personal Data or User Information with third parties except as follows:

  • Affiliates. We may disclose Personal Data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Statement.
  • Business Transfers. If we are acquired by or merged with another company, if we are involved in a reorganization or other fundamental corporate change, or if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the Personal Data we have collected to the other company.
  • In Response to Legal Process. We also may use and disclose Personal Data we collect from you in order to comply with the applicable laws, or a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena or to meet national security or law enforcement requirements.
  • To Protect Us and Others. We also use and may disclose Personal Data we collect where we believe it is necessary in order to investigate, prevent or take action regarding actual or suspected illegal activities, violations of any contract or policy, or as evidence in litigation in which BlackLine is involved.
  • Vendors, Service Providers, Contractors and Agents. We may disclose Personal Data to our third-party vendors, service providers, contractors and agents who assist us in business and technical operations. They provide services relating, but not limited to, IT and system administration and hosting, billing, financial transactions, customer support, internet and connectivity, marketing, event organizing, or security pursuant to the legal bases described below.
  • Affiliated Customer. If you are an authorized user of the Hosted Service, we may disclose Personal Data to your affiliated customer responsible for your access to the Hosted Service.
  • Subprocessors. If you are an authorized user of the Hosted Service, we may disclose Personal Data as necessary to provide the Hosted Service. We may disclose User Information to sub-processors as necessary to provide the Hosted Services as disclosed and consented to you in a data processing agreement or otherwise.
  • Aggregate and De-Identified Information. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes.
  • Event Sponsors and Partners. If you register for an event or attend an event organized by us, we may disclose Personal Data to our partners and sponsors of the event for which you register. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements. If you do not wish for your information to be shared, you may choose to opt-out via event registration or elect to not have your badge scanned, or you can opt-out in accordance with the “How to Exercise your Rights” section below.

For more information, please contact us by using the information in the “Contacting BlackLine” section, below.

5. COOKIES

Regarding our use of Cookies, please see our cookies policy.

6. YOUR RIGHTS

You may have certain rights relating to your Personal Data under local data protection laws. We have provided a summary below, but since some of the rights are complex, not all of the details have been included. We encourage you to read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. For example, these rights may include:

European Economic Area
  • Access. To access your Personal Data held by us.
  • Rectification. To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete.
  • Erasure. To erase/delete your Personal Data, to the extent permitted by applicable data protection laws.
  • Restriction. To restrict our processing of your Personal Data, to the extent permitted by law.
  • Portability. To transfer your Personal Data to another controller, to the extent possible. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.
  • Objection. To object to any processing of your Personal Data carried out on the basis of our legitimate interests. Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
  • Automated Decision-Making. Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.
  • Withdrawal of Consent. To the extent we base the collection, processing and sharing of Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal, and to lodge a complaint with your national supervisory authority.
  • Exercise of Rights. To exercise your rights, please contact us by using the information in the “Contacting BlackLine” section, below.

California
  • Access. To access your Personal Data held by us and to know what Personal Data is collected, used, shared or sold, both as to the categories and specific pieces of Personal Data. You can ask us to confirm that we are processing your Personal Data, provide you with details about such processing, and give you a copy of your Personal Data. Such details include the categories of Personal Data we have collected about you, the categories of sources from which your Personal Data is collected, the business or commercial purpose for collecting your Personal Data, the categories of third parties with whom we share your Personal Data and the specific pieces of Personal Data we have collected about you.
  • Erasure. To the extent permitted by applicable data protection laws, to erase/delete your Personal Data, subject to certain exceptions.
  • Portability. To transfer your Personal Data to another controller, to the extent possible. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.
  • Non-discrimination. The right to non-discrimination in terms of price or service when you choose to exercise your privacy rights.
  • Opt-Out and Opt-In. To opt out of the sale of Personal Data. You are able to direct a business that sells your Personal Data to stop selling that Personal Data. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13. BlackLine does not currently sell Personal Data to third parties, so no opt-out or opt-in choices apply.
  • Disclosure. If a business sells your Personal Data to a third party, you have the right to know the categories of Personal Data the business sold about you, and the categories of third parties the business sold it to, including a list by category of Personal Data for each third party to which the business sold Personal Data. BlackLine does not currently sell Personal Data to third parties, so there is nothing for us to disclose to you based on your right to know this information.
  • Exercise of Rights. To exercise your rights, please contact us by using the information in the “Contacting BlackLine” section, below.
  • California law permits residents of California to request certain details about what Personal Data a company shares with third parties for the third parties’ direct marketing purposes. BlackLine does not share your information with third parties for the third parties’ own and independent direct marketing purposes. If you have any questions about what personal information BlackLine may share with third parties that are not already answered in this Statement, please contact BlackLine at: PrivacyRequest@blackline.com.

7. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, or to verify, correct, or update the Personal Data you have provided to BlackLine, please contact us by using the information in the “Contacting BlackLine” section below.

We try to respond to all legitimate requests within thirty (30) days from the date of your request and, to the extent permitted under applicable law, will contact you if we need additional information from you in order to honor your request. If you are an employee of one of our customers, we recommend you contact your company’s license administrator for assistance in correcting or updating your information.

For requests to erase or delete Personal Data, please note that we may be required, by applicable law or otherwise, to keep your Personal Data and not delete it, or to keep your information for a certain time, in which case we will comply with your deletion request only after we’ve fulfilled such requirements. In certain situations, we might be unable to provide you with information on all of your Personal Data due to legal requirements. If we have to deny your request for information because of legal requirements, we will state the reasons for denial.

BlackLine offers its visitors and customers a means to choose how we may use Personal Data. If, at any time after providing Personal Data, you change your mind about receiving information from us or about sharing your information with third parties, please contact us by using the information in the “Contacting BlackLine” section, below.

8. GENERAL PROVISIONS APPLICABLE TO ALL PERSONAL DATA

We process your Personal Data on one of the following legal bases:

  • Performance of a contract. When you or your company enter into an agreement with us, we will process your Personal Data to fulfill the terms of our contract (for example, the Hosted Service).
  • Legitimate interests. We may use your Personal Data for our legitimate interests provided that our legitimate interests are not outweighed by any prejudice or harm to your rights and freedoms, including:
    • improving our products and services and the content on our Public Website or Hosted Service (for example to manage our network, improve the service, and better tailor the features, performance and support of the service);
    • operating and administering our Public Website and the Hosted Service;
    • promoting the safety and security of the Public Website and the Hosted Service;
    • fulfilling your requests and communicating with you when you contact us; and
    • marketing and promoting the Hosted Service.
  • Consent. In some cases, you will give us consent to use your Personal Data for a specific purpose. For example, we will rely on your consent to use technical information such as cookie data.
  • Legal obligations. We may be required to process your Personal Data to comply with our legal obligations.

Retention and Storage of Information Collected

In accordance with the data minimization and purpose limitation principles, BlackLine will store your Personal Data for as long as reasonably necessary, and only for as long as required to fulfill the purposes of processing your Personal Data. Notwithstanding the foregoing, we may retain your Personal Data if such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. If we process your Personal Data, it may be erased automatically, or saved in a format which does not allow any direct conclusions to be drawn as to your identity as soon as the last specific purpose has been fulfilled.

Sensitive Information

We will not intentionally collect or process, and do not want you to provide, any sensitive Personal Data, including:

  • Personal Data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
  • genetic or biometric data;
  • data concerning your medical or health condition; and
  • data concerning your sex life or sexual orientation.

Children’s Online Privacy Protection

Neither the Public Website nor the Hosted Service is designed for or directed to children. We do not intentionally collect or maintain information about anyone under the age of 16.

If you believe that we have collected Personal Data from a child under the age of 16, please contact us by using the information in the “Contacting BlackLine” section below, and we will make reasonable efforts to delete such information from our records.

Security

We take precautions including organizational, technical and physical measures designed to safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the Personal Data we process or use. If you have any questions about the security of Personal Data, please contact us by using the information in the “Contacting BlackLine” section, below.

Do Not Track Requests

Certain web browsers have incorporated a “Do Not Track” feature. This feature, when turned on, sends a preference to the websites you visit indicating that you do not wish to be tracked. Those sites (or the third-party content on those sites) may continue to engage in activities you might view as tracking even though you have expressed this preference, depending on the sites’ privacy practices. Because there is not yet a commonly-accepted standard on how to interpret Do Not Track requests, BlackLine does not currently respond to browser Do Not Track requests on its websites or online services.

EU-US and Swiss-US Privacy Shield Framework

BlackLine participates in the EU-US and Swiss-US Privacy Shield Framework established by the U.S. Department of Commerce and European Commission regarding the collection, use and retention of personal data, as that term is defined in the Privacy Shield Framework ("Personal Data"), from EU member countries and Switzerland. BlackLine has certified that it adheres to the relevant Privacy Shield Principles. BlackLine’s participation in the EU-US Privacy Shield applies to all Personal Data that is subject to this Statement and is received from the European Union and the European Economic Area. BlackLine’s participation in the Swiss-US Privacy Shield applies to all Personal Data that is subject to this Statement and is received from Switzerland.

BlackLine remains responsible for any Personal Data that is shared under the Onward Transfer Principle, as defined in the Privacy Shield Principles, with third parties for external processing on its behalf, as described in the “Sharing of Information Collected” sections below. In addition, as part of BlackLine’s participation in the Privacy Shield Framework, it has designated JAMS as its ADR provider for resolving disputes under the EU-U.S. Privacy Shield and the Swiss-US Privacy Shield. For more information on JAMS as an ADR provider and the procedure for filing complaints, please see www.jamsadr.com/eu-us-privacy-shield and the Dispute Resolution section set forth below.

BlackLine is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”) with respect to Personal Data received or transferred pursuant to the Privacy Shield Framework.

We inform you that parts of your Personal Data may be transferred from the EU or Switzerland to the US in accordance with the EU-US Privacy Shield or Swiss-US Privacy Shield safeguards, as applicable.

Further information related to the EU-US Privacy Shield and Swiss-US Privacy Shield is available at https://www.privacyshield.gov.

Verification

BlackLine utilizes the self-assessment approach to assure its compliance with this Statement. BlackLine regularly verifies that the Statement is accurate, comprehensive, prominently displayed, completely implemented and in conformity with the EU-US Privacy Shield and Swiss-US Privacy Shield and conducts its self-assessment on an annual basis to ensure all relevant privacy practices are followed. Appropriate employee training is in place and internal procedures for periodically conducting objective reviews of compliance are in place. A statement verifying this self-assessment is signed by a corporate officer or other authorized representative at least once a year.

Disputes/Arbitration

BlackLine will attempt to investigate and promptly resolve any dispute or complaint regarding the interpretation of or compliance with this Statement. You can submit a dispute or complaint to us as set forth in the section entitled Contacting BlackLine below. As part of BlackLine’s participation in the Privacy Shield Framework, it has designated JAMS as its ADR provider for resolving disputes under the EU-U.S. Privacy Shield and Swiss-US Privacy Shield. For more information on JAMS as an ADR provider and the procedure for filing complaints, please see www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Changes to this Privacy Statement

BlackLine reserves the right to change this Statement as reasonably necessary or advisable to accommodate changes to the law, technology or circumstances. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided. We encourage you to periodically review this notice for the latest information on our privacy practices.

Contacting BlackLine

To exercise your rights regarding your Personal Data, or if you have questions regarding this Statement, please email BlackLine’s Security Administrator at PrivacyRequest@blackline.com or mail us at:

BlackLine Systems, Inc.
21300 Victory Blvd., 12th Floor
Woodland Hills, CA 91367
Attn: Security Administrator